0-Day PowerPoint Vulnerability Targeted by Attacks in the Wild

Microsoft is working on a patch

Microsoft has acknowledged officially that a Critical zero-day vulnerability affecting the PowerPoint component of various versions of the Office System is targeted by attacks in the wild. At this point in time there is no update designed to patch the security flaw that impacts Office PowerPoint 2000 Service Pack 3, Office PowerPoint 2002 SP3, and Office PowerPoint 2003 SP3. Microsoft informed that PowerPoint 2007 and PowerPoint 2007 SP1 were by no means affected by the vulnerability.

“So far we’re aware of several distinct exploit files which have been used. They all seem to be used only in targeted attacks and therefore the number of affected customers is very low,” revealed Microsoft’s Cristian Craioveanu and Ziv Mador. The attacks involve in the initial stage a social engineering technique designed to get potential victims to run a specially crafter PowerPoint file.

According to the software giant, the vulnerability can be exploited by making PowerPoint parse a malformed legacy binary file format. The Redmond company has warned that the security flaw is actively used in the wild in order to infect vulnerable machines with malware. Users should not open any PowerPoint documents coming from unknown or untrusted sources as a way to mitigate the threat. The Redmond company is currently working on an update that it will offer either as part of its monthly patch cycle, or as an out-of-band security bulletin.

“The vulnerable code cannot be reached by PowerPoint files in the newer XML file format. If your environment has mostly already migrated to using PPTX, you can temporarily disable the binary file format in your organization using the FileBlock registry configuration described in the security advisory. Alternatively, you can temporarily force all legacy PowerPoint files to open in the Microsoft Isolated Conversion Environment (MOICE),” advised Bruce Dang and Jonathan Ness, from MSRC Engineering.